Re: [PacketFence-users] Restricting users to specific interfaces In-Line setup

Thu, 31 Aug 2017 05:20:12 -0700 

Hello Michael,

you will have to play with the iptables rules.

check in conf/iptables.conf and the current rules in
var/conf/iptables.conf, you will see what to do.

Also have a look at ipset -L , there is some ipset session for each
different network / roles.

Regards

Fabrice



Le 2017-08-31 à 04:55, HD | Michael Westergaard via PacketFence-users a
écrit :
>
> Hi All
>
>  
>
> We have a specific scenario where Wireless network Equipment does not
> support of band mode with Packetfence.
>
>  
>
> We want to do the following with the packetfence server using multiple
> in-line interfaces on different VLAN if it is possible.
>
>  
>
> Guest (VLAN20) on eth1 in-line mode packetfence connected with
> Wireless AP with SSID in VLAN 20
>
>  
>
> These users must only register to this interface and is able to access
> internet only.
>
>  
>
>  
>
> Production (VLAN30) on eth2 in-line mode packetfence connected with
> Wireless AP with SSID in VLAN 30
>
>  
>
> Internal users are able to access internal ressources, but we want to
> restrict them not allow any mobile device.
>
>  
>
>  
>
> It seems to me that user groups are not able to accomplish this
> design. Is it even possible or do you have other suggestions? The
> Packetfence server will be in routed mode to make ACL’s easier.
>
>  
>
>  
>
> Best
>
>  
>
> Mike
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users

-- 
Fabrice Durand
fdur...@inverse.ca ::  +1.514.447.4918 (x135) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence 
(http://packetfence.org) 


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to